Privacy Policy

Last Updated: October 14, 2025

Compliance Notice

This Privacy Policy is designed to comply with the Indian Information Technology Act 2000, international data protection standards, and our commitment to the Pall Mall Process principles of transparency and accountability.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you register and use our platform:

  • Identity Information: Full name, username, email address
  • Contact Information: Email address, communication preferences
  • Professional Information: Role (researcher/acquirer), verification documents
  • Technical Information: IP address, browser type, device information
  • Usage Information: Platform activity, research posts, transactions

1.2 Research Data

We collect and process research-related information including:

  • Research posts and descriptions
  • Vulnerability details and proof-of-concepts
  • Transaction records and escrow information
  • Communication logs and collaboration data

2. How We Use Your Information

2.1 Primary Purposes

  • Provide and maintain our threat intelligence platform
  • Facilitate research transactions and collaborations
  • Verify user identity and maintain platform security
  • Comply with legal and regulatory requirements
  • Prevent fraud and ensure platform integrity

2.2 Compliance and Legal Purposes

  • Export control compliance (Wassenaar Arrangement)
  • Anti-money laundering and counter-terrorism financing
  • Law enforcement cooperation when legally required
  • Audit and compliance reporting

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for data processing
  • Contract Performance: Processing necessary to provide our services
  • Legal Obligation: Compliance with applicable laws and regulations
  • Legitimate Interest: Platform security and fraud prevention

4. Data Sharing and Disclosure

4.1 Limited Sharing

We do not sell your personal data. We may share information only in the following circumstances:

  • With other platform users as necessary for transactions
  • With service providers who assist in platform operations
  • With law enforcement when legally required
  • With regulatory authorities for compliance purposes

4.2 Export Control Compliance

We may share information with relevant authorities to ensure compliance with export control regulations, including the Wassenaar Arrangement and other applicable international agreements.

5. Data Security

5.1 Technical Safeguards

  • End-to-end encryption for sensitive data
  • Secure data transmission using TLS/SSL
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms

5.2 Administrative Safeguards

  • Staff training on data protection
  • Regular security policy reviews
  • Incident response procedures
  • Data breach notification protocols

6. Data Retention

We retain your data for the following periods:

Data Type Retention Period Purpose
User Account Data 7 years from last activity Legal compliance, audit requirements
Research Posts 5 years after transaction completion Platform integrity, dispute resolution
Transaction Records 7 years Financial compliance, audit trail
Audit Logs 10 years Security monitoring, compliance
Verification Documents 3 years after account closure Identity verification, legal requirements

7. Your Rights

Under the Indian IT Act 2000 and applicable data protection laws, you have the following rights:

7.1 Access and Portability

  • Request access to your personal data
  • Receive a copy of your data in a portable format
  • Obtain information about data processing activities

7.2 Correction and Deletion

  • Request correction of inaccurate data
  • Request deletion of personal data (subject to legal requirements)
  • Withdraw consent for data processing

7.3 Restriction and Objection

  • Request restriction of data processing
  • Object to certain types of data processing
  • Lodge complaints with supervisory authorities

8. International Transfers

Your data may be transferred to and processed in countries outside India. We ensure appropriate safeguards are in place, including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes and codes of conduct

9. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying prominent notices on the platform

Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact us:

  • Data Protection Officer: dpo@covertpulse.in
  • General Inquiries: privacy@covertpulse.in
  • Address: [Company Address]
  • Phone: [Contact Number]

Your Consent

By using CovertPulse, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.